Im trying to delete records. Most delete ok but some don't and Im completly lost as to why... The information Im storing are just URLs. Could it be to do with some irregular characters within these URLs? Is there a recomended way to store a URL? Please help me out. Its quite a major flaw in my script Here are the records which wont delete http://www.theflickzone.com/showthread.php?p=24961#post24961 http://www.theflickzone.com/tags.php?tag=Google+Video http://www.theflickzone.com/showthread.php?p=25067#post25067 http://www.theflickzone.com/member.php?find=lastposter&f=34 http://www.theflickzone.com/member.php?find=lastposter&f=31 http://www.theflickzone.com/showthread.php?p=24961#post24961 http://www.theflickzone.com/tags.php?tag=Google+Video http://www.theflickzone.com/showthread.php?p=25067#post25067 http://www.theflickzone.com/member.php?find=lastposter&f=34 http://www.theflickzone.com/member.php?find=lastposter&f=31 Code (markup): Well there are just some. There are many more. Thanks
We can't tell you, why you can't delete them, as we don't know your db structure and the way how you are trying to delete them ! Let me know your deletion query ( sql ) and what fields do you have in your database ..
There you are <?php include('includes/config.php'); $referer = $_SERVER['HTTP_REFERER']; $addtolist = $_GET['add']; mysql_query("DELETE FROM spider WHERE url='$addtolist'")or die(mysql_error()); header("Location: $referer"); mysql_close($con); ?> PHP:
Try this : <?php include('includes/config.php'); $referer = $_SERVER['HTTP_REFERER']; $addtolist = $_GET['add']; $parsed_add = htmlentities($addtolist); // do not execute any of html/php code in your string ( 2+2 = 4 .. in this case it will remain as 2+2 ) mysql_query("DELETE FROM spider WHERE url='$parsed_add'")or die(mysql_error()); header("Location: $referer"); mysql_close($con); ?> PHP:
Nope that didn't work EDIT: I just tried urlencode() and urldecode(), working off the same principle you posted, and that didn't work.
In that case, you will need to use POST method .. As I see, you have # sign in your url's - it means that everything behind it, will be considered as a bookmark and will not be included in your GET variable ! Example : Get method : You can't fix it .. Choose another method of passing variables
I hope you are aware that someone could empty your whole table by passing in a value for 'add' like this: ' or 1=1 or url=' ActiveFrost's remaking, which uses htmlentities(), doesn't solve that problem because htmlentities() by default does not do anything with single quotes.
Here's a safer query: mysql_query("DELETE FROM spider WHERE url='".mysql_real_escape_string($addtolist)."'")or die(mysql_error()); PHP: Anyway, how does the url looks like? I don't understand what do u mean by these? http://www.theflickzone.com/showthread.php?p=24961#post24961 http://www.theflickzone.com/tags.php?tag=Google+Video http://www.theflickzone.com/showthread.php?p=25067#post25067 http://www.theflickzone.com/member.php?find=lastposter&f=34 http://www.theflickzone.com/member.php?find=lastposter&f=31 http://www.theflickzone.com/showthread.php?p=24961#post24961 http://www.theflickzone.com/tags.php?tag=Google+Video http://www.theflickzone.com/showthread.php?p=25067#post25067 http://www.theflickzone.com/member.php?find=lastposter&f=34 http://www.theflickzone.com/member.php?find=lastposter&f=31 Code (markup):
Your code will not help in this case .. The problem is that he want to pass string via get method, which contains /illegal/ characters ( like #, etc. ) and results as an error ( not the string we wanted to pass )
Not to change what you're trying to do completely BUT... it would be much better if you assigned a numerical value to each URL in a seperate field and made that field an index. Searching through a database of strings like that can really kill a server with a lot of simultaneous requests. If you are planning on having the same URL several times in the table and need to delete all instances of it then you can use parse_url to split up the URL into seperate fields to make the searches faster and search that way. Just my $0.02
Thats better in theory but how would the user know what they are looking at? They would just see an ID? So I would have to query the DB anyway to give it some sort of an identifyer. Thanks for your input though
The advice you got was good. Querying the database using an indexed ID number is dramatically faster than searching the database for an arbitrary-length text string like a URL. You may not notice it when your database is small and your traffic is light, but you sure will when you try to scale up.